Posted by: David Harley | October 16, 2017

DoubleLocker: interview with Lukáš Štefanko

More about DoubleLocker from ESET: DoubleLocker Android ransomware explained

David Harley

Posted by: David Harley | October 16, 2017

Apple ID password prompt bug report

Thomas Claburn for The Register: Apple’s iOS password prompts prime punters for phishing: Too easy now for apps to swipe secrets, dev warns – Fake login request boxes spark formal bug report

Bug report on Open Radar: Apple ID password prompts can easily be replicated, phishing attacks easily possible

David Harley


Posted by: David Harley | October 13, 2017

Innovative Android Ransomware DoubleLocker

ESET reports that “ESET researchers have spotted the first-ever ransomware misusing Android accessibility services. On top of encrypting data, it also locks the device.”

DoubleLocker: Innovative Android Ransomware

David Harley

Posted by: David Harley | October 12, 2017

Sophos: Three Apple Malware Scams

The estimable Paul Ducklin (sorry not to have seen you at VB this year, Duck!) advises us to Watch out for these high-pressure Apple malware scams. 

To be precise, a couple of tech support scams and a fake Flash Player update. Ho hum… Still, the first one is particularly interesting, if you’re a connoisseur of these things.

David Harley

Posted by: David Harley | September 12, 2017

Blackberry losing the security plot?

Andrew Orlowski for The Register: BlackBerry admits: We could do better at patching – Still the most secure Android? It won’t get last year’s update

Not quite as bad as it sounds, but a bit of a comedown for a company that always prided itself on its security record…

David Harley

Posted by: David Harley | August 24, 2017

Insecure macOS API. Still.

Michael Mimoso for Kaspersky ThreatPost: DEPRECATED, INSECURE APPLE AUTHORIZATION API CAN BE ABUSED TO RUN CODE AT ROOT.  Quote from the blog:

A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS … The situation is known and was raised again last month during DEF CON by noted Mac security researcher Patrick Wardle, chief security researcher at Synack.

David Harley

Posted by: David Harley | August 11, 2017

SMS touch – plain(text)ly an issue

David Bisson for Graham Cluley’s blog: SMS touch a security and privacy nightmare for iOS users – “Plaintext data transmissions make $1.99 app a spoofer’s delight…”

David Harley



Posted by: David Harley | August 11, 2017

Mugthesec Mac adware

Zeljka Zorz for Help Net Security: Stealthy Mughthesec Mac adware exposed: What it does, how to protect yourself.

Original analysis by Patrick Wardle: WTF is Mughthesec!? › poking on a piece of undetected adware

I wish people would include file hashes as text as well as screenshots: it’s a little exasperating having to type a hash like 9c4f74feff131fa93dd04175795f334649ee91ad7fce11dc661231254e1ebd84 from a screenshot in order to make use of it for further research. Much less error-prone if you can copy and paste a text string. 😉

Anyway, VirusTotal currently reports that two companies now detect that adware.


David Harley

Posted by: David Harley | August 10, 2017

Android Patches

Or as The Register puts it: It’s August 2017 and your Android gear can be pwned by, oh look, just patch the things – Google addresses dozens of security flaws in mobile platform

Android’s own security bulletin is here.

David Harley

Posted by: David Harley | August 8, 2017

AV-Comparatives Mac Security Review

AV-C’s Mac Security Test and Review report, July 2017:

Mac Reviews / Tests

Includes testing of the following:

Avast Mac Security
AVG AntiVirus for Mac
Avira Antivirus Pro for Mac
Bitdefender Antivirus for Mac
BitMedic AntiVirus
ESET Cyber Security Pro
Intego Mac Premium Bundle X9
Kaspersky Internet Security for Mac
Webroot SecureAnywhere Internet Security Complete

David Harley

Older Posts »